How to encrypt partition using LUKS-2? I have an empty partition (say /dev/sda1) that I want to encrypt with LUKS-2 and be able to open it with passphrase from commonly used file managers (Dolphin, PCManFM-Qt, etc). I prefer a GUI like KDE Partition Manager, but that seems to still use LUKS-1. Is there another GUI …
Where does cryptomount in Grub create decrypted disks The documentation contains: Successfully decrypted disks are named as (cryptoX) and have increasing numeration suffix for each new decrypted disk. If the encrypted disk hosts some higher level of abstraction (like LVM2 or MDRAID) it will be created under a separate device namespace in addition to the …
How do I use LUKS encrypted partitions with Kubuntu 24.04 installation? I am trying to install Kubuntu 24.04 with manual partitioning. I have created primary partitions for EFI and boot, and an encrypted partition with logical volumes for swap, root, and home. Previously, after this step I just run the Kubuntu installer, manually assigned /dev/mapper/vg0-* …
Moving from plain LUKS to LVM on LUKS At installation I forgot to create a logical volume group in LUKS container. I won’t reinstall the system. So how do I create LVG in LUKS container without data loss? My plan is: Install lvm2 package Backup / using rsync to another drive Create logical volumes I …
Can a FIDO2 Security Token be removed after unlocking a LUKS volume at boot? A FIDO2 security token should be used for decrypting all disks in a linux machine at boot. systemd allows this since version 248. Can the FIDO2 Security Token be removed after boot when using LUKS for full disk encryption, or does …
LUKS encryption: Hide disk unlock target on boot I would like to hide the device name of the LUKS-encrypted disk that is supposed to be unlocked during boot on Kali Purple. Currently whenever I boot my system there is a password prompt and below a small text banner which reads "Please unlock disk sda1_crypt" (example …
Does GRUB 2.12 now support detached headers? In GRUB’s project status update, at FOSDEM 2022, they talked about adding detached headers support in GRUB 2.12 (for decryption) : Add cryptodisk detached headers and key files support, Denis ‘GNUtoo’ Carikli, Glenn Washburn,Patrick Steinhardt GRUB 2.12 was released in December 2023, but I couldn’t find any mention …
How do I rescue an encrypted LUKS partition after failed shrink I had an encrypted ext4 partition on a Samsung T7 1TB USB drive. It was LUKS (I believe this may be called a LUKS container?) The partition was 850GB. It had about 130GB in use. I also had an unencrypted 100GB NTFS partition and …
How to install cryptsetup-luks I’m actually trying to setup LUKS on a Red Hat 9.2 Server. Here is the problem : I can’t do yum install cryptsetup-luks or dnf install cryptsetup-luks. When I try to use one of these command I have the following output : no match for parameter: cryptsetup-luks error: unable to find …
Can a LUKS2 detached header technically be used for multiple drives? First, I’m aware that a similar question has already been answered. The answer was YES, but I’d like a second opinion, because : The question didn’t specify if it was LUKS1 or LUKS2 Something I’ve read on Wikipedia casts a doubt in my mind. …
how to close encrypted partition with nested partition table? If I create an encrypted partition using cryptsetup cryptsetup -q luksFormat /dev/vdb3 /tmp/pwfile cryptsetup -d /tmp/pwfile luksOpen /dev/vdb3 pv00 and setup a nested gpt partition table on /dev/mapper/pv00 parted=/sbin/parted disk=/dev/mapper/pv00 ${parted} -s — "${disk}" mklabel gpt ${parted} -s — "${disk}" mkpart root 0% "${endp1}GiB" ${parted} -s …
Scripting fdisk with filesystem signature issues I’m trying to automatize fdisk with my Bash scripts. In my script, I have the following code block: echo "Creating root filesystem partition…" ( echo n echo 3 echo echo echo w ) | fdisk ${DEVICE} Where the DEVICE is physical disks like /dev/sda /dev/nvme0n1 etc. but not partitions. …
Is it risky to use hibernation in Ubuntu? I’ve read that hibernation often causes trouble in Linux environments, e.g. system fails to wake-up or freezes and sometimes even refuses booting after reset. I really like the idea of hibernating the system into a zero-power state, especially for traveling. But I don’t wanna hurt my system’s …
LUKS Encryption – Readable content In LUKS, only files get encrypted, not the entire drive. So my question is, what is accessible if just files are encrypted. For example: Are file paths or file names visible? (Eg: For Enrypted ZIP Files using ZipCrypto i can see full paths, filenames which makes it possible to attack)?? …
volume group not found on linux laptop after update After a recent update (not sure if that was the first including a new kernel 6.1) my ubuntu linux laptop cannot boot anymore the error is Volume group “ubuntu-vg” not found Cannot process volume group ubuntu vg IO error while decrypting keyslot. Keyslot open failed. Device …
LUKS encrypted USB: "Operation cancelled" error on correct passphrase I’m asking as a new question because I don’t have enough rep to comment on answers, and the drive in question here is removable. I’ve set up an encrypted USB drive using cryptsetup luksFormat, but I’m having trouble mounting it on insertion as I can with …
How to increase the size of a LUKS file-container There are many tips on how to resize (increase) a LUKS2 encrypted device / partition / LVM volume. But how to increase the size of the LUKS container created in the file? I once created: dd if=/dev/random of=/some file bs=1M count=100 cryptsetup luksFormat /some-file cryptsetup luksOpen …
FIDO2 (YubiKey) to unlock LUKS from command line Following the example of how to add a FIDO2 key from a YubiKey, but I can’t figure out how to use the YubiKey to unlock it form the command line. The instructions talk about unlocking at boot–but that’s not what I want. Setup Make a 128 MiB …
Is it possible to check if a LUKS device has been damaged by a foreign person? Let’s assume I lost a LUKS encrypted USB pen drive. I think the file system type (ext4/fat32/…) doesn’t play a role. A foreign person finds it. Of course he cannot access my data because he doesn’t have the password. …
Mount encrypted volume in read/write mode The canonical method to mount encrypted volumes from the command line on later Ubuntu editions involves udisksctl. However, that recipe mounts the volume in read-only mode. $ udisksctl unlock -b /dev/sdd1 Passphrase: Unlocked /dev/sdd1 as /dev/dm-1. $ ls -la /dev/mapper total 0 drwxr-xr-x 2 root root 100 apr 2 …
